Total newbie form mail question
Posted: Wed Apr 23, 2008 4:09 am
Hi guys, as the title TOTAL newbie here!
I am building a form mail function and found this one on a site to use as a starting point
<html>
<head><title>PHP Mail Sender</title></head>
<body>
<?php
/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */
$email = $HTTP_POST_VARS['email'];
$subject = $HTTP_POST_VARS['subject'];
$message = $HTTP_POST_VARS['message'];
/* PHP form validation: the script checks that the Email field contains a valid email address and the Subject field isn't empty. preg_match performs a regular expression match. It's a very powerful PHP function to validate form fields and other strings - see PHP manual for details. */
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
echo "<h4>Invalid email address</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($subject == "") {
echo "<h4>No subject</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}
/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
elseif (mail($email,$subject,$message)) {
echo "<h4>Thank you for sending email</h4>";
} else {
echo "<h4>Can't send email to $email</h4>";
}
?>
</body>
</html>
I understand how to manipulate it to my needs (I think!!) but also read an artcle on email injection for spamming and wasnt sure whether and/or how to also put this code into the above function. The code I read to do this was:
if ( ereg( "[\r\n]", $name ) || ereg( "[\r\n]", $email ) ) {
[... direct user to an error page and quit ...]
}
How do I incorporate that in the above or is it covered with the !preg bit?
Any help would be greatly appreciated.
Thanks
Andrew
I am building a form mail function and found this one on a site to use as a starting point
<html>
<head><title>PHP Mail Sender</title></head>
<body>
<?php
/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */
$email = $HTTP_POST_VARS['email'];
$subject = $HTTP_POST_VARS['subject'];
$message = $HTTP_POST_VARS['message'];
/* PHP form validation: the script checks that the Email field contains a valid email address and the Subject field isn't empty. preg_match performs a regular expression match. It's a very powerful PHP function to validate form fields and other strings - see PHP manual for details. */
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
echo "<h4>Invalid email address</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($subject == "") {
echo "<h4>No subject</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}
/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
elseif (mail($email,$subject,$message)) {
echo "<h4>Thank you for sending email</h4>";
} else {
echo "<h4>Can't send email to $email</h4>";
}
?>
</body>
</html>
I understand how to manipulate it to my needs (I think!!) but also read an artcle on email injection for spamming and wasnt sure whether and/or how to also put this code into the above function. The code I read to do this was:
if ( ereg( "[\r\n]", $name ) || ereg( "[\r\n]", $email ) ) {
[... direct user to an error page and quit ...]
}
How do I incorporate that in the above or is it covered with the !preg bit?
Any help would be greatly appreciated.
Thanks
Andrew